Hackers steal $45 million from banks in ATM scheme

And now for a data breach story that’s sure to send shivers down the spines of in-house counsel.

News broke yesterday that a global network of hackers stole $45 million from ATMs in 27 countries in a matter of hours. And according to experts, the theft was carried out with ease.

“Unfortunately these types of cybercrimes involving ATMs, where you’ve got a flash mob going out across the globe, are becoming more and more common,” Rose Romero, a former federal prosecutor and regional director for the Securities and Exchange Commission, told the Wall Street Journal. “I expect there will be many more” of these types of crimes, she added.

Yesterday prosecutors announced that they have arrested seven people in the U.S. who operated the New York cell of the global hacker network.

The heist targeted two banks—one in the United Arab Emirates and one in Oman—and consisted of two separate attacks in December 2012, which netted $5 million, and February 2013, which netted $40 million. To carry out the attacks, hackers breached bank databases, eliminated withdrawal limits on prepaid debit cards and created access codes. They then loaded the data onto any plastic cards with magnetic strips. The hackers then withdrew money in multiple cities in a short time period.

According to news reports, no individuals lost money out of the scam because the hackers stole bank funds designated to back up prepaid cards. Nonetheless, the amount the hackers stole is at least double the amount stolen in previous cases, according to analysts from Gartner Inc.